Microsoft's Patch Tuesday for May 2025 addressed 78 vulnerabilities in total, including five zero-day flaws actively exploited in attacks, as well as eight high-risk vulnerabilities. Among these, six vulnerabilities were reported and patched last week, along with five Chromium-based Microsoft Edge vulnerabilities.
Earlier reports included critical Azure vulnerabilities with a severity rating of up to 10.0, which have already been resolved by Microsoft.
Zero-Day Vulnerabilities in May 2025 Patch Tuesday
The five zero-day vulnerabilities were also added to CISA's Known Exploited Vulnerabilities catalog. These included:
- CVE-2025-30397: A 7.5-severity Scripting Engine Memory Corruption vulnerability. Exploiting this flaw requires some preparation: the target must be using Edge in Internet Explorer Mode, and an authenticated client must click on a crafted URL, which then enables remote code execution.
- CVE-2025-30400: A 7.8-severity Microsoft DWM Core Library Elevation of Privilege/Use After Free vulnerability with low attack complexity. It could allow an attacker to gain SYSTEM privileges.
- CVE-2025-32701: A 7.8-rated vulnerability in the Windows Common Log File System Driver, which allows elevation of privilege due to a low-complexity "Use After Free" flaw.
- CVE-2025-32706: A 7.8-severity flaw in the Windows Common Log File System Driver, related to improper input validation, enabling SYSTEM privilege escalation with low attack complexity.
- CVE-2025-32709: A 7.8-severity vulnerability in the Windows Ancillary Function Driver for WinSock, which could lead to administrative privilege escalation due to "Use After Free" behaviour.
Critical Azure Vulnerabilities
Six vulnerabilities reported early on May 8 have already been fully mitigated. These include:
- CVE-2025-29813: A 10.0-rated Azure DevOps Server Elevation of Privilege Vulnerability
- CVE-2025-29827: A 9.9-rated Azure Automation Elevation of Privilege Vulnerability
- CVE-2025-29972: A 9.9-severity Azure Storage Resource Provider Spoofing Vulnerability
- CVE-2025-47733: A 9.1-severity Microsoft Power Apps Information Disclosure Vulnerability
- CVE-2025-47732: An 8.7-rated Microsoft Dataverse Remote Code Execution Vulnerability
High-Risk Vulnerabilities
Microsoft categorized eight vulnerabilities as "more likely to be exploited," with severities ranging from 7.0 to 8.4. These include:
- CVE-2025-30386: Microsoft Office Remote Code Execution Vulnerability (8.4 severity)
- CVE-2025-24063: Kernel Streaming Service Driver Elevation of Privilege Vulnerability (7.8 severity)
- CVE-2025-29976: Microsoft SharePoint Server Elevation of Privilege Vulnerability (7.8 severity)
- CVE-2025-30382: Microsoft SharePoint Server Remote Code Execution Vulnerability (7.8 severity)
- CVE-2025-30385: Windows Common Log File System Driver Elevation of Privilege Vulnerability (7.8 severity)
- CVE-2025-30388: Windows Graphics Component Remote Code Execution Vulnerability (7.8 severity)
- CVE-2025-29971: Web Threat Defense (WTD.sys) Denial of Service Vulnerability (7.5 severity)
- CVE-2025-29841: Universal Print Management Service Elevation of Privilege Vulnerability (7.0 severity)
Other Vendors Releasing Updates
Along with Microsoft, several other vendors also released updates as part of May 2025 Patch Tuesday, including:
- Ivanti
- SAP
- Intel
- Fortinet
- Apple
- Juniper Networks
- Zoom